CVE-2012-0866

NONECVSS 0.0

0.0

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

🔗 References (30)

secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-0677.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-0678.html
secalert@redhathttp://secunia.com/advisories/49272
secalert@redhathttp://secunia.com/advisories/49273
secalert@redhathttp://www.debian.org/security/2012/dsa-2418
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:026
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:027
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:092
secalert@redhathttp://www.postgresql.org/about/news/1377/
secalert@redhathttp://www.postgresql.org/docs/8.3/static/release-8-3-18.html
secalert@redhathttp://www.postgresql.org/docs/8.4/static/release-8-4-11.html
secalert@redhathttp://www.postgresql.org/docs/9.0/static/release-9-0-7.html
secalert@redhathttp://www.postgresql.org/docs/9.1/static/release-9-1-3.html

Is Your Infrastructure Affected by CVE-2012-0866?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-0866

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-0866?